Hello Splunkers.
How can I integrate IdM (Identity Manager) with Splunk?
For LDAP data, I'm using the Splunk Support for Active Directory add-on so I can run a ldapsearch
command.
But I'm kind of lost on how to integrate IdM (IdM by Novell).
Any ideas?
Thank you all!
Regards
I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.
I ended up creating a shell script that creates a dump from IdM and it is indexed in Splunk.
For my needs, it worked.
hi, could you let me know abput this script?, i have the same problem
I'm not sure about Novell IdM, but many IdM providers use the SAML protocol to authenticate users.
You can configure SAML authentication according to the following documentation: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/HowSAMLSSOworks
If it doesn't support SAML, try to figure out which protocols it does support and you may find an app to integrate with it.
Worst-case, you can use Splunk's scripted authentication interface or the Linux PAM interface to pass through the authentication from the servers that Splunk runs on.
I'm trying to use the Splunk Support for Active Directory add-on, but I receive the following error:
idmprd01.bnet: Could not access the directory service at ldap://idmprd01.bnet:389
Here is my ldap.conf
[bnet]
alternatedomain = bnet\
basedn = dc=bnet
binddn = splunk
password =
server = idmprd01.bnet
ssl = 0
Any ideas?
You will need to file a ticket and have them open port to LDAP and you better use LDAPs (usually port 636 i believe)
but best to configure SAML using the authentication settings.
In fact, what I want is to get the identity data that is at IdM.
For example, I can get an ID from application logs, and I want to get the login e user name on IdM that correlates to this ID.
I think that Splunk Support for Active Directory add-on can help me on this one, I'm not sure how to configure it.